Trojan FakeAV – shell.exe – a721927df61240e03b02738bac54c56f


Trojan FakeAV
Also known as: Trojan Crypt, Trojan Downloader.Generic
SHA256: 8769bc8ce00bc0b08a98c71c738fd1ee2963882b3467e6dfcc64295b885905ba
SHA1: 2fc6606dc1fdcd88fb3ce37ec2219be8c9459b25
MD5: a721927df61240e03b02738bac54c56f
File size: 77824 bytes

Created files:

%WinDir%\shell.exe – Trojan FakeAV
%SysDir%\config\systemprofile\Application Data\spoolsvc.dll – Trojan FakeAV
%SysDir%\config\systemprofile\Start Menu\Programs\Startup\findfast.exe – Trojan FakeAV
%SysDir%\printer.exe – Trojan FakeAV
%SysDir%\spoolvs.exe – Trojan FakeAV
%Common Startmenu%\Programs\Startup\autorun.exe – Trojan FakeAV

Trojan FakeAV created autostart registry keys:

HKLM\Software\Classes\Applications\iexplore.exe\shell\open\command : "%Program Files%\Internet Explorer\iexplore.exe" %1
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Printer: %WinDir%\System32\printer.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: Explorer.exe %WinDir%\shell.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Spoolsv: %WinDir%\System32\spoolvs.exe
